ISAE 3402 | SOC1
Organizations that provides services that have no effect on their customers' financial statements can have these activities "certified" according to ISAE 3000. The general IT controls or (GITCs) are described by the organization and provided with an assurance statement by an external auditor. Such an audit is then carried out in accordance with ISAE 3000. The standard framework for this audit can in such a case be the Trust Service Principles or a more generic standard framework, such as COBIT. If your customers are also located in the United States, it is recommended to have a SOC 2 report drawn up in accordance with the Trust Service Principles.
Experts in the field of pension services, asset management and property management are working at Conclude.